Gerente Arquitectura y Normatividad

• Oct 2022 - Present

Cybersecurity Audit Leader

• Jul 2019 - Oct 2022

• Ensure an objective and independent evaluation of the Internal Control System in FEMSA's business units, helping to reduce risks in the integrity and confidenciality of information, the company's assets and, in general, the efficiency of the operation.• Responsible for the planning and execution of cybersecurity audits based on ISO 27001, OWASP, CIS, SANS, MITRE and NIST.• Identify deficiencies regarding the use of computer technology and interconnection with the systems of the audited units (cyber threats).• Assist in having an updated methodology for IT and IS audits, ensuring that the most significant IT and IS risks of the business units are included in the Annual Audit Plan, and that recommendations are generated to eventually reduce unnecessary costs in control management.• Ensure that fraud risks with a high probability of occurrence in key business processes are monitored with the appropriate frequency and scope according to the Security Program.• Support in the definition and maintenance of the optimal staff structure. Show less

Senior IT Auditor

• May 2013 - Jun 2019

• Responsible for the planning, implementation, monitoring and closure of business processes and IT audits such as:o Security and Cybersecurity Reviews based on ISO 27001, OWASP and NIST.o General Controls based on COBIT, ITIL, SOX.o System Application Controlso Review of laws and regulations.• Evaluation of Operational Risks and IT Security.• Follow-up to areas of opportunity identified in the audits.• Information technology consulting.• Evaluation of the IT Functional Support model to evaluate compliance with the control framework in compliance with SLA, penalties, documentation of solutions, contracts and performance analysis with suppliers. Show less

Senior IT Auditor

• Nov 2012 - May 2013

I have participated in several projects including documenting / updating processes and controls, identifying risks, testing design effectiveness, and remediation: - External audit services. - Sarbanes-Oxley (SOX) audit. - Business system controls (related to ERP’s) identification and testing. I have participated in several projects including documenting / updating processes and controls, identifying risks, testing design effectiveness, and remediation: - External audit services. - Sarbanes-Oxley (SOX) audit. - Business system controls (related to ERP’s) identification and testing.

Senior IT Advisory

• May 2008 - Nov 2012

I have participated in several projects including documenting / updating processes and controls, identifying risks, testing design effectiveness, and remediation: - External audit services, - Sarbanes-Oxley (SOX) audit, - Business system controls (related to ERP’s) identification and testing, - IT advisory and business continuity planning, - SAS70/ISAE3402/SSAE16 attestation engagements, - Internal control audit, - Systems architecture assessment, - IS Governance assessment; All of these across a number of industries including: Aviation, Automotive, Chemicals, Construction, Oil & Gas, Financial Services, Entertainment, Manufacturer and Steel industry. Show less

Sales engineering advisory

• Aug 2005 - Sep 2006